From 18c845ddc88c0085da9b7785cd8e0be7097d9c26 Mon Sep 17 00:00:00 2001
From: F04C
Date: Wed, 21 Jan 2026 09:27:15 +0800
Subject: [PATCH] added redirect if there's no email found in the system

---
 handlers/google_auth.go | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/handlers/google_auth.go b/handlers/google_auth.go
index aa9338a..09aa4bb 100644
--- a/handlers/google_auth.go
+++ b/handlers/google_auth.go
@@ -176,8 +176,23 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if !emailExists {
-		helper.LogError(errors.New("email not found"), "Email not registered: "+email)
-		helper.RespondWithError(w, http.StatusUnauthorized, "Please contact your administrator to request access.")
+		if FetchedRedirectURI != nil && *FetchedRedirectURI != "" {
+			RedirectURI := *FetchedRedirectURI
+			log.Print("RedirectURI from query param: ", RedirectURI)
+			if !IsAllowedRedirectURI(RedirectURI) {
+				helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized RedirectURI")
+				log.Print("Unauthorized RedirectURI: ", RedirectURI)
+				return
+			}
+			log.Print("Valid redirect_uri: ", RedirectURI)
+			RedirectURL := fmt.Sprintf("%s/callback?error=%s=", RedirectURI, "unregistered_email")
+			http.Redirect(w, r, RedirectURL, http.StatusSeeOther)
+			return
+		}
+
+		log.Print("No redirect_uri provided, returning JSON response")
+		// No redirect_uri provided, return JSON response
+		helper.RespondWithError(w, http.StatusUnauthorized, "Your email is not registered in the system. Please contact your administrator to request access.")
 		return
 	}
 
@@ -190,7 +205,7 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
 
 	var refreshTokenExpiry time.Duration
 	if emailExists {
-		refreshTokenExpiry = 7 * 24 * time.Hour
+		refreshTokenExpiry = 7 * 24 * time.Hour // 1 Week for registered users
 	} else {
 		refreshTokenExpiry = 2 * time.Hour
 	}
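Review bot: The format string `"%s/callback?error=%s="` on the `RedirectURL :=` line has a stray trailing `=`, so the browser is sent to `…/callback?error=unregistered_email=` and a client that compares the `error` value against `unregistered_email` will not match; `RedirectURL := fmt.Sprintf("%s/callback?error=%s", RedirectURI, "unregistered_email")` is what the log message implies was intended. The removed `helper.LogError(errors.New("email not found"), "Email not registered: "+email)` call has no counterpart on the new side, so a login attempt by an unregistered account no longer leaves an audit entry on either branch; restoring it (as `helper.LogInfo` if an error value is unwanted) before the redirect branch keeps that signal and would also keep logging consistent with the `helper.LogInfo` calls used elsewhere in this function rather than the `log.Print` calls added here. `FetchedRedirectURI` is declared outside the hunk; if it is a package-level variable rather than a per-request value, concurrent callbacks could read another request's redirect target, which is worth confirming. Because this branch now returns for every `!emailExists` request, the `else { refreshTokenExpiry = 2 * time.Hour }` branch in the second hunk is unreachable and can be dropped; GoogleCallback itself starts and ends outside the hunk.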
@@ -220,11 +235,6 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
 	helper.LogInfo(fmt.Sprintf("Refresh token cookie set: Domain=%s, Secure=%v, HttpOnly=%v, SameSite=%v", cookieConfig.Domain, cookieConfig.Secure, cookieConfig.HttpOnly, cookieConfig.SameSite))
-	if !emailExists {
-		helper.RespondWithError(w, http.StatusUnauthorized, "Please contact your administrator to request access.")
-		return
-	}
-
 	helper.LogInfo("Fetching first name for email: " + email)
 	helper.LogInfo("Userinfo Email: " + userInfo.Email)